SSL certificate for AWS load balancer

I first followed the instructions in the AWS documentation:

openssl genrsa -out mykey-private-key-file.pem 2048
openssl ecparam -name prime256v1 -out mykey-private-key-file.pem -genkey
openssl req -sha512 -new -key mykey-private-key-file.pem -out mykey-csr.pem

But when we tried to submit our CSR, it complained, so I followed the instructions on rapidssl:

openssl genrsa -des3 -out mykey-private-key-file.pem 2048
openssl req -new -key mykey-private-key-file.pem -out mykey-csr.pem

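We got an approval response with the x.509 web server certificate and the intermediate CA.

When I copy mykey-private-key-file.pem into the "Private Key" field in the EC2 management console, it complains:

Error creating certificate. Unable to parse key; the body is encrypted.

I really don't know what I'm doing. I tried converting the private key the way they suggest here: but it doesn't match. Does this mean I have to go through the whole process again?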

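Actually, it was because of the copy and paste from my email. Even though I copied it into a text editor first. Completely incorrect error message.

But I did have to run this step from the geekpete link:

openssl rsa -in yourwebsite_private.key -out pem-yourwebsite_private.key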

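Since it also took me a while to figure this out, I thought I'd post my process here (hopefully it saves someone some time).

This process assumes you already know how to request a certificate from your favorite certificate issuer.

Just find and replace on "yourDomain", then run these commands at a bash prompt. OSX or pretty much any flavor of Linux will do.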

# to generate a certificate request
openssl req -new -newkey rsa:2048 -nodes -keyout yourDomain.key -out yourDomain.csr

# Submit the CSR. When the CRT file comes back...
# Open the cert in a text editor...
# create a new file
vi yourDomain.crt

# press 'i' to start insert mode
# paste the contents of the CRT file you received
# press ESC, then ':wq', then enter. This saves the file and exits VIM

# convert the CRT you just wrote to disk into the PEM format expected by ELB
openssl x509 -in yourDomain.crt -out yourDomain.pem -outform PEM

# convert the private key to PEM format expected by ELB
openssl rsa -in yourDomain.key -outform PEM -out yourDomain.pem.key

# display the contents of the private key file and certificate file so you can paste them into the dialog when setting up the listener on the ELB
cat yourDomain.pem.key
cat yourDomain.pem
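
Added example (not part of either answer above, and not AWS tooling): a pre-upload check for the two problems in this thread, a passphrase-protected key such as the one `openssl genrsa -des3` writes, and a key that does not match the issued certificate. The function names are made up for this example, and the paste-damage check covers only CR line endings and indented armor lines, which is an assumption about what a mail-client paste leaves behind.

```shell
#!/bin/sh
# Pre-upload check for a PEM private key and certificate (added example).
# Function names are hypothetical; only standard openssl subcommands are used.

# 0 if the key is passphrase-protected. Matches both encodings openssl writes:
#   traditional: "Proc-Type: 4,ENCRYPTED" below BEGIN RSA PRIVATE KEY
#   PKCS#8:      "-----BEGIN ENCRYPTED PRIVATE KEY-----"
key_is_encrypted() {
  grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# 0 if the file has CR line endings or whitespace before an armor line
# (assumed here to be what a mail-client copy and paste leaves behind).
pem_has_paste_damage() {
  grep -q "$(printf '\r')" "$1" ||
    grep -Eq '^[[:space:]]+-----(BEGIN|END) ' "$1"
}

# 0 if the certificate carries the public half of the private key.
# "-passin pass:" keeps openssl from prompting if the key is still encrypted.
key_matches_cert() (
  k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || exit 2
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 2
  [ "$k" = "$c" ]
)

# Prints the first problem found; status 0 means the pair is ready to paste.
check_pair() (
  key=$1; cert=$2
  if key_is_encrypted "$key"; then
    echo "FAIL: $key is encrypted; decrypt with: openssl rsa -in $key -out plain.key"
    exit 1
  fi
  if pem_has_paste_damage "$key" || pem_has_paste_damage "$cert"; then
    echo "FAIL: CR line endings or indented armor lines; re-save as plain LF text"
    exit 1
  fi
  if ! key_matches_cert "$key" "$cert"; then
    echo "FAIL: $cert was not issued for $key"
    exit 1
  fi
  echo "OK: key is unencrypted, PEM is clean, key matches certificate"
)

# Run as: sh check_pair.sh yourDomain.pem.key yourDomain.pem
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```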
